From Beginner to Expert as Penetration Tester

by Daniel Sauder

This is the second part of the series, here is part 1.

My first job
The first job as a penetration tester was pretty exciting for me. I was lucky to have many colleagues who engaged very much with the newcomers, and for the beginning everyone got at least three workshops lasting 2-4 days, if I remember correctly. The OSCP prepared me pretty well for the thinking needed to solve the day-to-day problems on the job. The job was at a consultancy company that mainly does penetration testing engagements in Germany. During that time I also started researching antivirus evasion (in my free time btw). In most consultant jobs time on the job is short. For me that was a huge advantage, I was able to do web app testing in short time. Besides learning from colleagues I also read some books like The Web Application Hacker’s Handbook, The Shellcoder’s Handbook and Network Security Assessment.
I had my first presentation (in German at the Backtrack Day 2013) about antivirus evasion, which made me very proud of course. During the first job, which lasted 18 months, I also visited the CCC Congress twice, had several chances to conduct interesting pentests (mostly web and mobile) and did an interesting online course (Malicious Software and its Underground Economy: Two Sides to Every Story). Because I liked the whole exploitation topic I did the SLAE certification, which was a lot of fun and which I highly recommend, also for preparing for the OSCE. Now there is also a 64-bit version.

My second job
I learned a lot and had great colleagues, but for me it was time to move on to my second job as a penetration tester, where I had the chance to travel more and to work for clients on site. Further, I had the chance to do some Digital Forensics and Incident Response (DFIR) under the condition that I do a certification, so I chose the one that looked easiest to me, which was the CHFI (Certified Hacking Forensics Investigator). I would not necessarily recommend it, but at that time it helped me improve my career and also do some forensics and incident response work. For the preparation I bought “The Official CHFI Exam Study Guide”. To gain more in-depth knowledge about forensics I attended a course at the University of Applied Sciences Albstadt-Sigmaringen about data storage forensics. Besides the work I continued my research on antivirus evasion and gave a talk at the Deepsec conference 2014 (“Why Antivirus Software fails”). I also had the chance to speak at public and closed events from my employer and started to visit the OWASP chapter Cologne. For education and to get from professional to expert level I decided to do the OSCE certification. That was a blast for me. I never had such a challenging time in my career; I failed the first test and had to take a second shot. The OSCE is highly recognized, especially in the Red Team and Exploitation community. Like the OSCP, for me it is not about teaching certain techniques, but training the right attitude you need for breaking stuff (Try harder). I was glad when I got the famous mail from Offensive Security after the second exam. After 17 months on that job I took my chance and got hired at a CERT; this will be the story for part 3.

Conclusion & some notes

  • be grateful for the knowledge and support of friends and colleagues – sometimes I forget to say this… so to everyone who helped me during my career: thank you!
  • when it is time to move on, move on, after all it is about business and your personal development
  • Giving talks gave me the great opportunity to network in the community and also to improve self-esteem and public speaking
  • Be flexible, I moved for each job in the IT security field
  • for more networking I started to use twitter
  • Don’t give up, “Try harder”, the motto by Offensive Security also applies to searching for jobs and many more lessons in life, this attitude helped me also with my research
  • Working at a consultancy company is helpful, since it teaches you to be effective (time and costs), you learn to deal with pressure

About the author

Daniel Sauder is Lead Specialist Red Team at a DAX-listed company in Germany and responsible for the services vulnerability management, penetration testing and red teaming. Before that, he worked in the field of penetration testing.

May 28, 2019

